CVE-2026-51536

EIPStackGroup · OpENer

A stack-based buffer overflow in OpENer 2.3.0 occurs during CIP packet parsing, caused by an integer overflow and truncation when handling length parameters.

Executive summary

An unauthenticated remote attacker can trigger a Denial of Service condition in OpENer 2.3.0 by sending a specially crafted CIP network packet.

Vulnerability

This vulnerability is a stack-based buffer overflow triggered by an integer overflow and truncation during EPATH decoding. The flaw resides in the CIP message router and impacts the NotifyMessageRouter, CreateMessageRouterRequestStructure, and DecodePaddedEPath functions.

Business impact

The vulnerability carries a CVSS score of 9.1, indicating a critical severity level. Successful exploitation results in a Denial of Service condition, which can disrupt industrial operations relying on the EtherNet/IP protocol stack. This poses a significant risk to system availability in environments where OpENer is deployed.

Remediation

Immediate Action: Review the vendor advisory at https://github.com/EIPStackGroup/OpENer/issues/563 and apply available security updates or configuration changes recommended by EIPStackGroup.

Proactive Monitoring: Monitor network traffic for malformed CIP packets directed at the EtherNet/IP stack and review system logs for unexpected crashes or service restarts.

Compensating Controls: Implement firewall rules to restrict access to EtherNet/IP ports to authorized internal segments only, reducing the attack surface.

Exploitation status

Public Exploit Available: Yes, a public proof-of-concept exists as referenced in the provided data.

Analyst recommendation

Given the critical CVSS score and the existence of a public proof-of-concept, organizations should prioritize the identification and patching of all OpENer instances. If an immediate patch is unavailable, restrict network access to the affected services to prevent remote exploitation.